Package: proftpd
Version: 1.3.0-4
Severity: important

I've used 'AuthPAM off' in the main server configuration and 'AuthPAM on' inside
a virtualhost directive. The problem is the last one is ignored by proftpd. I
tried other directives like AuthOrder and AuthPAMConfig and I think they only
have effect in the main server configuration, but they don't work in
virtualhost configuration.

If I enable AuthPAM outside the virtualhost directive, PAM works for the main
server and virtualhost. But it doesn't work if I only enable AuthPAM inside
the virtualhost directive.

Thank you

-- proftpd.conf

#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
# 

# Includes DSO modules
Include /etc/proftpd/modules.conf

#ServerName                     "Debian"
ServerName                      "Teno"
ServerIdent                     on "Bienvenido al FTP de isaatc.ull.es"
ServerType                      standalone
DeferWelcome                    off

MultilineRFC2228                on
DefaultServer                   on
ShowSymlinks                    on

TimeoutNoTransfer               600
TimeoutStalled                  600
#TimeoutIdle                    1200
TimeoutIdle                     300

DisplayLogin                    welcome.msg
DisplayFirstChdir               .message
ListOptions                     "-l"

DenyFilter                      \*.*/

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
PersistentPasswd                off

# Port 21 is the standard FTP port.
Port                            21

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

# Set the user and group that the server normally runs at.
User                            proftpd
Group                           nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
#Umask                          022  022
Umask                           007  007

# Normally, we want files to be overwriteable.
AllowOverwrite                  on


<IfModule mod_tls.c>
TLSEngine                       off
</IfModule>

<IfModule mod_quota.c>
QuotaEngine                     on
QuotaDisplayUnits               "Kb"
QuotaLimitTable                 file:/etc/proftpd/ftpquota.limittab
QuotaTallyTable                 file:/etc/proftpd/ftpquota.tallytab
</IfModule>

<IfModule mod_ratio.c>
Ratios                          off
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default. 
# Problems with Horde/Ingo.
<IfModule mod_delay.c>
DelayEngine                     off
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine                  on
ControlsMaxClients              2
ControlsLog                     /var/log/proftpd/controls.log
ControlsInterval                5
ControlsSocket                  /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine             on
</IfModule>

# Hide real owner/group/modes.
DefaultRoot                     ~
DirFakeGroup                    on ~
DirFakeUser                     on ~

# Separate password file for non-anonymous logins.
AuthUserFile                    /etc/proftpd/ftpd.passwd
AuthGroupFile                   /etc/proftpd/ftpd.group
AuthPAM                         off
RequireValidShell               off

# Restrict access to the duria FTP.
<Directory /comun/duria/ftp>
  Umask                         002  002
  
  <Limit APPE RNFR RNTO DELE RMD MKD SITE>
    DenyAll
  </Limit>
</Directory>

# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
  User                          ftp
  Group                         nogroup
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                     anonymous ftp
  # Cosmetic changes, all files belongs to ftp user
  DirFakeUser                   on ftp
  DirFakeGroup                  on ftp
  DirFakeMode                   444
 
  RequireValidShell             off

  # Limit the maximum number of anonymous logins
  MaxClients                    10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin                  welcome.msg
  DisplayFirstChdir             .message

  # Limit WRITE everywhere in the anonymous chroot
  <Directory *>
    <Limit WRITE>
      DenyAll
    </Limit>
  </Directory>

  # Uncomment this if you're brave.
  # <Directory incoming>
  #   # Umask 022 is a good standard umask to prevent new files and dirs
  #   # (second parm) from being group and world writable.
  #   Umask                     022  022
  #   <Limit READ WRITE>
  #     DenyAll
  #   </Limit>
  #   <Limit STOR>
  #     AllowAll
  #   </Limit>
  # </Directory>
  
</Anonymous>


# Configuration for the Ingo and Gollem VFS.
# Ingo is Horde's mail filter application.
# Gollem is Horde's file management application.
<VirtualHost 127.0.0.1>
  # Use a different port so as not to interfere with the FTP service.
  Port                          9200

  Umask                         077  077
  DefaultRoot                   ~
  AuthPAM                       on
  RequireValidShell             on
  
  <Limit LOGIN>
    Order                       allow,deny
    Allow                       127.0.0.1
    Deny                        All
  </Limit>

  AllowOverwrite                on
  
</VirtualHost>


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)

Versions of packages proftpd depends on:
ii  adduser                       3.77       Add and remove users and groups
ii  debconf                       1.4.58     Debian configuration management sy
ii  debianutils                   2.15       Miscellaneous utilities specific t
ii  libacl1                       2.2.32-1   Access control list shared library
ii  libattr1                      2.4.25-1   Extended attribute shared library
ii  libc6                         2.3.6-7    GNU C Library: Shared libraries
ii  libldap2                      2.1.30-13  OpenLDAP libraries
ii  libmysqlclient15off           5.0.20-1   mysql database client library
ii  libncurses5                   5.5-1      Shared libraries for terminal hand
ii  libpam-runtime                0.79-3     Runtime support for the PAM librar
ii  libpam0g                      0.79-3     Pluggable Authentication Modules l
ii  libpq4                        8.1.3-4    PostgreSQL C client library
ii  libssl0.9.8                   0.9.8a-8   SSL shared libraries
ii  libwrap0                      7.6.dbs-8  Wietse Venema's TCP wrappers libra
ii  netbase                       4.23       Basic TCP/IP networking system
ii  perl                          5.8.7-7    Larry Wall's Practical Extraction 
ii  ucf                           2.003      Update Configuration File: preserv
ii  zlib1g                        1:1.2.3-11 compression library - runtime

proftpd recommends no packages.

-- debconf information:
* shared/proftpd/warning:
* shared/proftpd/inetd_or_standalone: standalone
